Here I described a vulnerability in the D2GetAdminTicketMethod docbase method. After that, EMC released D2 4.2, where they started encrypting return values passed through the c6_method_return object, but their solution was still vulnerable. Now, in D2 4.2.1, they have made a decision to treat snots instead of increasing the technology level of D2. Note that the security advisory is still not published:

that according to the statements provided above means that EMC does not “want to inform customers about a new or updated recommendation on security best practices”.

EMC Documentum Content Server may be vulnerable to an information disclosure vulnerability that may potentially be exploited by malicious users to gain unauthorized access to metadata. This is due to improper authorization checks being performed when trying to access metadata from folders outside of restricted folders configured for Content Server users. This vulnerability is only limited to reading the metadata as the malicious user is not able to gain read/write access to the content itself.

The researcher of this vulnerability is Yuri Simione; he is even going to publish an “exploit” (however, it took me 10 minutes to understand how to exploit the vulnerability, but I’m not going to publish any related information). Initially I was confused by the following thing: Yuri writes that he discovered the vulnerability in January 2014, and EMC has written that the vulnerability is fixed in CS7.1SP2 (released on March 1, 2014), so it took just one month to fix the vulnerability (note that usage of the restricted folders feature causes wrong results for some queries). EMC has been trying to fix multiple XSRFs for more than a year and still has not had any success, privilege escalation vulnerabilities were discovered by me in November 2013 and those vulnerabilities are still not fixed, but it’s worth fixing low-impact vulnerabilities within a month, what a shame!